The National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices in the form of white papers, playbooks, and demonstrable implementations for organizations to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. From time to time, the discovery of a cryptographic weakness or advances in the technologies leads to the need to replace a legacy cryptographic algorithm. The advent of quantum computing technology will compromise many of the current cryptographic algorithms in particular public-key cryptography used widely to protect digital information. Algorithm replacement can be extremely disruptive and often takes decades to accomplish. The replacement of algorithms generally requires:
- identifying the presence of the legacy algorithms,
- understanding the data formats and application programing interfaces of cryptographic libraries to support necessary changes and replacements,
- developing implementation validation tools,
- discovering the hardware that implements or accelerates algorithm performance,
- determining operating system and applications code that use the algorithm,
- identifying all communications protocols with quantum-vulnerable crypto algorithms, and
- updating the processes and procedures of developers, implementers, and users.
The new algorithms will likely not be drop-in replacement and they may not have the same performance or reliability characteristics as the legacy algorithms due to the differences in characteristics such as key size, signature size, error handling properties, number of execution steps required to perform the algorithm, and key establishment process complexity.
Once the replacement algorithms are selected, other operational considerations to accelerate the adoption and implementation across the organization include:
- developing a risk-based approach, taking into consideration security requirements, business operations, and mission impact;
- establishing a communication plan to be used within the organization and for external customers and partners;
- identifying a migration timeline and the necessary resources;
- updating or replacing security standards, procedures, and recommended practice documentation;
- providing installation, configuration, and administration documentation, and
- testing and validating the new processes and procedures.
See the NIST Cybersecurity White Paper Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms for additional background.
The NCCoE will publish a summary of these contributions (without attribution) before the workshop to maximize the exchange of ideas.
Please join the community of interest by sending an email to email@example.com to get the latest updates on the activities related to Migrating to Post-Quantum Cryptographic Algorithms.
Please send an email to firstname.lastname@example.org